Cisco 2500 Series Password Reset

Real World Application

While 2500 series routers are long since shocking to see in a production environment, there are some however that remain production to this day with up times of 8 years or more. The most common use for the Cisco 2500 Series Router(s) are for training purposes; commonly used in lab environments, the 2500 series router makes a great introductory router to the Cisco IOS (Internetwork Operating System).

Lab Prerequisites

Lab Objectives

Lab Instruction

Shown below is a Cisco 2501 router that has a console password on the device. With such password you will not be able to access exec mode without authenticating this password correctly. When buying routers used, you may commonly be faced with scenario.

Router con0 is now available

Press RETURN to get started.


User Access Verification

Password:

Step 1 – Power cycle the router or power on the router initially. While the router is booting you’ll need to break the boot sequence to boot the router into bootrom, you do this by holding down CTRL and pressing PAUSE BREAK. Do this repeatedly till you are placed at the bootrom prompt.

System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory

Abort at 0x10B1F3C (PC)
>

Step 2. Change the configuration register so that the router will ignore the contents of the NVRAM when booting into Cisco IOS. Set the configuration register to 0x2142 and initialize the router (Boot the router to IOS).

>o/r 0x2142
>i

Step 3a – (Option 1) – After the router has booted into Cisco IOS, you’ll be prompted by the initial configuration dialog, type n here and press enter and you’ll be placed into user mode. Now you’re able to place your self into privileged mode by typing enable. Once in privileged mode you can copy the startup configuration to the running configuration and then change the passwords manually then saved the configuration by to NVRAM by typing copy run start.

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n


Press RETURN to get started!

Router>enable
Router#copy start run
Destination filename [running-config]? 
506 bytes copied in 3.868 secs (168 bytes/sec)
ARCVRSR01#configure terminal
ARCVRSR01(config)#enable secret NEWENABLEPASSWORD
ARCVRSR01(config)#line con 0
ARCVRSR01(config-if)#password NEWPASSWORD
ARCVRSR01(config-if)#end
ARCVRSR01#copy run start
Destination filename [startup-config]? 
Building configuration...
[OK]
ARCVRSR01#

Step 3b – (Option 2) – After the router has booted into Cisco IOS, you’ll be prompted by the initial configuration dialog, type n here and press enter and you’ll be placed into user mode. Now you’re able to place your self into privileged mode by typing enable. Once in privileged mode you can erase the contents of NVRAM by issuing the write erase command.

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n


Press RETURN to get started!

Router>enable
Router#write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router#

Step 5 – Once you’ve performed a password reset or NVRAM sanitation, you’ll need to set the configuration register back to 0x2102 so the router will boot normally and load the NVRAM contents upon a reboot or power failure.

Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#end